Marriott, the worlds largest hotel chain disclosed that hackers took away 500 million guest account information. The breach seem to have happened at one of the recently acquired hotel chain, Starwood Hotels and Resorts Worldwide.
Starwood Hotels and Resorts Worldwide was acquired by Marriott International for $13 billion in 2016. The brand includes St. Regis, Sheraton Hotels & Resorts, W Hotels, Westin Hotels & Resorts, Aloft Hotels, Tribute Portfolio, Element Hotels, Le Méridien Hotels & Resorts, The Luxury Collection, Four Points by Sheraton and Design Hotels.
The data breach has started in 2014 after an "unauthorized party" managed to gain unauthorized access to the Starwood's guest reservation database, and had copied and encrypted the information.
On September 8, 2018, Marriott alerted by a security system Marriott learned about the breach and during the subsequent investigation they discovered that there had been unauthorized access to the Starwood network since 2014. The company recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it. On November 19, 2018, Marriott was able to decrypt the information and determined that the contents were from the Starwood guest reservation database.
“We deeply regret this incident happened, We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.” said Arne Sorenson, Marriott’s President and Chief Executive Officer.
Marriott has further information for the guests;
Guest Support
Marriott has taken the following steps to help guests monitor and protect their information:
Dedicated Website and Call Center
We have established a dedicated website (info.starwoodhotels.com) and call center to answer questions you may have about this incident. The frequently-asked questions on info.starwoodhotels.com may be supplemented from time to time. The call center is open seven days a week and is available in multiple languages. Call volume may be high, and we appreciate your patience.
Email Notification
Marriott will begin sending emails on a rolling basis starting today, November 30, 2018, to affected guests whose email addresses are in the Starwood guest reservation database.
Free WebWatcher Enrollment
Marriott is providing guests the opportunity to enroll in WebWatcher free of charge for one year. WebWatcher monitors internet sites where personal information is shared and generates an alert to the consumer if evidence of the consumer’s personal information is found. Due to regulatory and other reasons, WebWatcher or similar products are not available in all countries. Guests from the United States who activate WebWatcher will also be provided fraud consultation services and reimbursement coverage for free. To activate WebWatcher, go to info.starwoodhotels.com and click on your country, if listed, for enrollment.
Marriott is furnishing a Form 8-K with the SEC attaching a copy of this press release and presenting certain other information with respect to the incident.